Issue 8565: Sanitize input data

Fixes #8565
Michael 2020-05-17 06:13:58 +00:00
parent 78d6137ee3
commit d771c50d63
1 changed files with 10 additions and 1 deletions


@ -339,7 +339,7 @@ class GServer
* @param string $server_url address of the server * @param string $server_url address of the server
* @throws \Friendica\Network\HTTPException\InternalServerErrorException * @throws \Friendica\Network\HTTPException\InternalServerErrorException
*/ */
private static function discoverRelay(string $server_url) public static function discoverRelay(string $server_url)
{ {
Logger::info('Discover relay data', ['server' => $server_url]); Logger::info('Discover relay data', ['server' => $server_url]);
@ -353,6 +353,15 @@ class GServer
return; return;
} }
// Sanitize incoming data, see https://github.com/friendica/friendica/issues/8565
$data['subscribe'] = (bool)$data['subscribe'] ?? false;
if (!$data['subscribe'] || empty($data['scope']) || !in_array(strtolower($data['scope']), ['all', 'tags'])) {
$data['scope'] = '';
$data['subscribe'] = false;
$data['tags'] = [];
}
$gserver = DBA::selectFirst('gserver', ['id', 'relay-subscribe', 'relay-scope'], ['nurl' => Strings::normaliseLink($server_url)]); $gserver = DBA::selectFirst('gserver', ['id', 'relay-subscribe', 'relay-scope'], ['nurl' => Strings::normaliseLink($server_url)]);
if (!DBA::isResult($gserver)) { if (!DBA::isResult($gserver)) {
return; return;
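Review bot: The `??` on the new `$data['subscribe']` line never takes effect, because the cast binds tighter than `??`: `(bool)$data['subscribe']` is evaluated first and its result is never null, so a response without a `subscribe` key still raises an undefined-index notice instead of defaulting to false; `$data['subscribe'] = (bool)($data['subscribe'] ?? false);` gives the intended default. Since `scope` comes from the remote server, the guard should also reject non-string values before `strtolower` sees them and compare strictly: `if (!$data['subscribe'] || empty($data['scope']) || !is_string($data['scope']) || !in_array(strtolower($data['scope']), ['all', 'tags'], true)) {`. When the scope is `tags`, `$data['tags']` is still taken from the response unvalidated; if the code after the hunk treats it as an array, an `is_array` check belongs in the same guard. The first hunk widens discoverRelay from private to public, and the function's body continues outside the hunk, so the downstream use of `scope` and `tags` cannot be confirmed here.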